[ https://issues.apache.org/jira/browse/HADOOP-6419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12828731#action_12828731
]
Allen Wittenauer commented on HADOOP-6419:
------------------------------------------
bq. Does it matter that we don't allow server principals like "a@B.ORG" and insist on "a/c@B.ORG"?
Does SASL insist on it? It is certainly the standard practice, but we are forcing it as a
requirement.
IMO, I do not think Hadoop should force it as a requirement.
> Change RPC layer to support SASL based mutual authentication
> ------------------------------------------------------------
>
> Key: HADOOP-6419
> URL: https://issues.apache.org/jira/browse/HADOOP-6419
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: c6419-26.patch, c6419-39.patch, c6419-45.patch, c6419-66.patch,
c6419-67.patch, c6419-69.patch, c6419-70.patch, c6419-72.patch, c6419-73.patch
>
>
> The authentication mechanism to use will be SASL DIGEST-MD5 (see RFC-2222 and RFC-2831)
or SASL GSSAPI/Kerberos. Since J2SE 5, Sun provides a SASL implementation by default. Both
our delegation token and job token can be used as credentials for SASL DIGEST-MD5 authentication.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|